One or more aspects of the present invention relate in general to the field of server environments, and in particular, to accessing privileged objects in a server environment and a corresponding server environment.
Network communication is usually offered by an operating system kernel through a socket interface. All calls for creating and manipulating the sockets as well as inbound and outbound data transfer are handed to the operating system kernel via system calls. The operating system kernel has code to process these requests.
Performance of today's networking communication is impacted by data transfer overhead and system call overhead. Semi-privileged instructions can help to drive traffic from user space, but have a static association with an application at best; e.g., a semi-privileged instruction can identify the application and perform data transfers, but still fails to operate in a parent/child process paradigm, where a socket connection can be used by the parent process or the child process after forking. If kernel operations like splice, sendfile, etc. are to be performed, the semi-privileged call from user space does not apply, or it requires superfluous copies from kernel space to user space so that such instructions can be used from there.
For high speed communication, it is beneficial to use instructions directly from user space to exchange data. While socket creation takes place in the operating system kernel, data can be sent and received without having to call the operating system kernel through expensive system call interfaces. The code to send and receive data is in user space libraries which exploit special hardware instructions to initiate data transfers. This introduces an authorization issue. The data transfer instructions are semi-privileged to prevent processes from interfering with sockets of other processes. Semi-privileged instructions perform some sort of authorization check in the firmware. For instance, a token could be associated with a socket, and the token is also associated with the current process. The operating system scheduler ensures that the token associated with the process is available to the firmware to perform the authorization checks. For instance, the process identification value could be written to a specific location in memory to which only the kernel has write access, to allow firmware to check whether the current process is authorized to operate on a socket. On System z, an address space control element (ASCE) can be used, too. If the current context is the operating system kernel itself, authorization will always succeed.
This scheme of using semi-privileged instructions for data transfers exhibits several issues. It does not cover the fork paradigm of Unix-like operating systems. Usually, application processes establish connections, then the processes fork and the child process continues to use the established connection. As the operating system does not know whether the child process will really continue to use the connection socket, or the parent process will continue to use it, it does not know which token should be associated with the socket. Usually, only one token is used for authorization purposes, so a list of tokens for the child process and the parent process is not possible. In the traditional way of handling such cases in the operating system kernel, the connection socket will be open for both processes, so the authorization check of the socket code will succeed.
With the use of semi-privileged instructions, a blocking transfer (write/read) conflict arises, so the process needs to be put aside. Polling around semi-privileged transfer instructions would greatly increase CPU (Central Processing Unit) consumption.
A select call, or respectively poll or epoll, is a way for applications to get a notification if something like incoming data happens to a connection socket. Several sockets are watched simultaneously, and as soon as one of the observed sockets is worth further consideration, the select call returns, indicating which of the observed sockets experienced a state change. When semi-privileged instructions are used to operate on sockets, a method is required to enable applications to call select on several sockets, passing on “select” processing to the operating system kernel.
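The fork problem described above, as an added example that is not part of the original text: the child can use the inherited socket through the kernel path, while a modeled single-token check rejects it. The names `fw_socket`, `fw_authorize` and `fork_token_demo`, and the use of the process ID as the token, are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical firmware view of a socket: exactly one owner token. */
struct fw_socket { int fd; pid_t owner_token; };

/* Assumed check: kernel context always passes, otherwise tokens must match. */
int fw_authorize(const struct fw_socket *s, pid_t current_token, int in_kernel)
{
    return in_kernel || s->owner_token == current_token;
}

/* Result bits: 1 = child wrote via kernel path, 2 = child passed the modeled
 * check, 4 = parent passed the modeled check. Returns -1 on setup failure. */
int fork_token_demo(void)
{
    int sv[2], status;
    char c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    struct fw_socket s = { sv[0], getpid() };  /* token bound at creation */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child: inherited descriptor */
        int r = 0;
        if (write(s.fd, "x", 1) == 1) r |= 1;  /* kernel checks the fd table */
        if (fw_authorize(&s, getpid(), 0)) r |= 2;
        _exit(r);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int r = WEXITSTATUS(status);
    if ((r & 1) && (read(sv[1], &c, 1) != 1 || c != 'x')) return -1;
    if (fw_authorize(&s, getpid(), 0)) r |= 4;
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void)
{
    printf("result bits: %d\n", fork_token_demo());
    return 0;
}
```

A result of 5 means the kernel path worked for the child and the parent passed the modeled check, but the child, holding a different token, did not.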
Extensions to the networking stack in the operating system, like sendfile and splice operations, transfer data directly from other files or data streams in the kernel space, without having to route data to an application process which passes it back for sending out over the network, greatly reducing CPU consumption. However, when the data transfer takes place in user space through semi-privileged instructions, data has to be read from files or streams and passed on to user space for transmission.
In U.S. Pat. No. 7,139,832 B2 “DATA TRANSFER AND INTERMISSION BETWEEN PARENT AND CHILD PROCESS” by Kameyama et al., which is hereby incorporated herein by reference in its entirety, a data transfer method is disclosed realizing a function similar to UNIX's fork function. The disclosed data transfer method allows a parent process on a server to issue a request for intermission of communication to a process on a client and allows the process on the client to issue a report of completion of intermission. Further, the data transfer method allows the parent process to issue, to a child process created on the server and the process on the client, a request for establishment of a new communication line connection between them. If the parent process has received data from the process on the client before the establishment of the new connection, the data is copied to the child process. According to the disclosed data transfer method, a child process cannot access the memory and connection(s) of the parent process. Therefore, a second connection is established. An emulation layer on both sides hides the fact that two connections are used. This approach has the drawback that code changes are required on both sides of the network, e.g., a client on the Internet that wants to read from an enabled web server needs to be changed. Further, two connections need to be established, which results in latency and increased resource consumption. Coordination of those two connections is also additional overhead. The use of two connections adds complexity to diagnostics and its procedures and requires changes to diagnostics tools. Even with the use of semi-privileged instructions, two connections will have to be employed, with the above-mentioned disadvantages. Also, kernel-level operations such as splice and sendfile are not considered.